Section 25: Networking - VPC Flashcards

1
Q

What is CIDR - IPv4?

A
  • CIDR = Classless Inter-Domain Routing, a method for allocating IP addresses
2
Q

Subnet Mask

A
  • XX.XX.XX.XX -> is the base IP
  • The value after the "/" is the subnet mask length
    - /32 = no bits can change (a single IP)
    - /24 = the last octet can change
    - /16 = the last 2 octets can change
    - /8 = the last 3 octets can change
    - /0 = all octets can change (any IP)
3
Q

What is an Internet Gateway (IGW)?

A
  • Allows resources in a VPC to connect to the internet.
  • Must be created separately from a VPC.
  • One VPC can only be attached to one IGW and vice versa.
  • Internet Gateways on their own do not allow Internet access.
  • Route tables must also be edited.
4
Q

What are Bastion Hosts?

A
  • We use a Bastion Host to SSH into our private EC2 instances.
    Example
    - When your EC2 instance is in a Private Subnet and you want to SSH to
    it, you connect to a Bastion Host in the Public Subnet and then connect
    from there to the EC2 instance in the Private Subnet.
5
Q

What is a NAT Instance?
P294

A
  • NAT = Network Address Translation
  • Allows EC2 instances in a private subnet to connect to the internet.
  • Must be launched in a public subnet.
  • Must have an Elastic IP attached to it.
  • Route Tables must be configured to route traffic from the private subnet to the NAT instance.
6
Q

What is a NAT Gateway?

A
  • AWS-managed NAT: higher bandwidth, high availability, no administration.
  • A NATGW is created in a specific Availability Zone and uses an Elastic IP.
  • Requires an IGW (Private Subnet => NATGW => IGW).
7
Q

What is a NACL (Network Access Control List)?

A
  • NACLs are like a firewall that controls traffic to and from a subnet.
  • One NACL per subnet; new subnets are assigned the DEFAULT NACL.
  • You define NACL Rules:
    - Rules have a number (1-32766).
    - The first matching rule drives the decision.
  • A newly created NACL will deny everything.
  • NACLs are a great way of blocking specific IP addresses at the subnet level.
  • The Default NACL accepts everything inbound/outbound with the subnet it's associated with.
  • NACLs are stateless.
8
Q

What is VPC Reachability Analyzer?

A
  • A network diagnostic tool that troubleshoots network connectivity between two endpoints in your VPC.
  • It uses the network configuration to determine if two endpoints are reachable.
9
Q

What is VPC Peering?

A
  • Privately connect two VPCs using AWS network.
  • Make them behave as if they were in the same network.
  • You must update route tables in each VPC’s subnets to ensure EC2 instances can communicate with each other.
10
Q

What are VPC Endpoints (AWS PrivateLink)?
P306

A
  • A VPC Endpoint allows you to connect to AWS services using a private network instead of the public Internet. AWS services are exposed publicly by default; an endpoint lets you reach them privately.
11
Q

What 2 VPC Endpoints do you get?

A

1) Interface Endpoints
- Provisions an ENI (private IP address) as an entry point
- Supports most AWS services.

2) Gateway Endpoints
- Provisions a gateway and must be used as a target in a route table
- Supports both S3 and DynamoDB

12
Q

What are VPC Flow Logs?

A
  • Capture information about IP traffic going into your interfaces:
    > VPC Flow Logs
    > Subnet Flow Logs
    > Elastic Network Interface Flow Logs
  • Helps to monitor & troubleshoot connectivity issues.
13
Q

How do you create a VPN connection between your VPC on AWS and an on-premises site?

A

1) Virtual Private Gateway (VGW)
- VPN connector on AWS side.

2) Customer Gateway (CGW)
- Software application or physical device on the customer/on-premises side of the VPN connection.

Important steps:
- Make sure to enable Route Propagation for the Virtual Private Gateway.
- If you need to ping your EC2 instances from on-premises, make sure you add the ICMP protocol on the inbound of your security groups.

14
Q

What is AWS VPN CloudHub?

A
  • Provides secure communication between multiple sites, if you have multiple VPN connections.
15
Q

What is Direct Connect (DX)?
p332

A
  • Provides a dedicated private connection from a remote network to your VPC.
  • A dedicated connection must be set up between your DC and an AWS Direct Connect location.
  • You need to set up a Virtual Private Gateway on your VPC.
16
Q

What two resiliency options do you get for Direct Connect?

A

1) High Resiliency
- One connection at each of multiple locations
2) Maximum Resiliency
- Having 2 or more connections at a location

17
Q

What can you use as a backup when you use Direct Connect as a primary connection?

A

You can make use of a Site-to-Site VPN.

18
Q

What is a Transit Gateway?

A
  • Used when you have multiple VPCs and you want to connect them all together.
  • Supports IP Multicast.
19
Q

What is an Egress-only Internet Gateway?

A
  • Similar to a NAT Gateway, but only used for IPv6.
20
Q

VPC Section Summary

A

Goto P341

21
Q

What is AWS Network Firewall?

A
  • Protects your entire Amazon VPC.
  • Provides protection from layer 3 to layer 7.
  • Any network data can be inspected.